Organizations and individuals frequently seek to prevent computing systems from transmitting sensitive data outside or within a network. The network may include a virtual network that hosts virtual machines, which may connect to each other and/or to an external network through a virtual switch. To protect such a network, an organization may install data loss prevention software or products on the server that hosts the virtual machines. For example, a corporation may expect each virtual machine to maintain an endpoint protection agent to monitor network communications for data loss prevention policy violations.
Unfortunately, maintaining individual endpoint protection agents for each virtual machine may expose the agent to the end user. Such exposure may reveal information to the user that may allow them to circumvent the data loss prevention system. Maintaining multiple endpoint protection agents may additionally consume more system resources than may be desirable. Alternatives to endpoint agents, such as providing data loss prevention functionality at a gateway proxy, may involve the use of specific protocols. These protocols may fail to provide metadata that would otherwise permit execution of data loss prevention policies tailored to individual users. Additionally or alternatively, systems such as gateway proxies may fail to protect against forms of data loss that do not involve information leaving the network, such as data transfers between virtual machines. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for preventing data loss over virtualized networks.